I already reported some months ago, but nothing happend until then, so again. This forum has a spam-user problem. Most of the last 22 users (see screenshot below) are spam-users. In total we have more then 300 spam-users already. In my function as moderator I'm deleting them sometimes, but it doesn't stop.

It's always the same schema. A strange username, an age (mostly 30+ years old), countries all over the world, interests are always swimming, dancing, nightclubs or something like that, and in the signature or website-info there are links to strange pages.

They always have birthdays in the next few days after registration, so people who have a look who they are maybe will click on the spam-links.

I'm well aware. The ones that have malicious, ad filled websites were my main targets due to their nature. Rest are dummies with meaningful data that can eventually be cleaned too, since most of them have 0 posts and never log in again.

You probably know this: Some pages that require logging in, have this puzzle box, in which you're supposed to identify all objects (choose the squares that contain a specified object, e.g. motorbike) at least two or three times before all the squares are meaningless. It's a pain in the donkey when you always have to work your brain before getting into the forum, but it surely works.

Sounds good. I also will check once more, if I banned all possible spam-users. Can be, that I overlooked some. With some users it's also not 100% clear if they are spam-users. Sometimes I can just identify them by strange names, and no filled out data. But actually this also could be "real" persons. So it's hard.

I banned another user and his/her/its spam posts. This user had registered on Mar 28, so it doesn't really point to a flaw in the new registration system. Though it's interesting that we have spam "zombies" that lay dormant for such a long time.

Hmm, never quite noticed that. It might help to deactivate older accounts with no posts. Some regular users would likely get caught in, but it should be okay if we make a roll call thread for them to post in first.

And I banned and deleted more posts, this time from two (!) new users unfortunately (both joined Dec 27).

If they happen to be actual humans, the only viable solution would be to disable automatic activation.
We do have email-based activation enabled, right? (i.e., users are required to confirm that their registered email address is valid?)

Yep, activation is email-based. Marv also suggested enabling moderation for the very first post made by new users. However, while it would prevent spam from showing up again, I worry that all the moderation efforts would simply move from removing the spam to approving posts. Personally, I think seeing spam is preferable to delaying posts from regular users (such as this one).

Do we have questions now? I can't confirm without actually registering a new account. The initial registration page only has picture based reCaptcha. If we're asking questions relevant to the game, I can't see why so many spam users still succeed...

So, can anyone confirm that we're really using questions, and should we add more questions?

Oh, sorry, guess I was a bit tired at the time, heh. I tried to register an account as a test, and it indeed passed through just with the reCaptcha. It also seems to allow using easy-to-get temporary mails, so we should definitely look into blacklisting those. However, I haven't actually received an activation email yet. Not sure whether that is due to the site acting up (which has happened before) or if it actually does blacklist the email.

In any case, I'll look into re-adding the game-related questions.

Edit: Nice, it seems we can only choose one or the other.

I think reCaptcha is probably the best option, so I'll leave it as it is. As a side note, it appears that the phpBB installation is slightly out of date. I doubt there are any great new features to combat spambots in the latest release, but perhaps it might be worth looking into upgrading. It also looks like the announcement for the version prior to that has a "Please Update" note, as it seems to come with some security fixes. Our version is older than that one as well.